package sv.com.renacempleo.web.controller.sgd;

import java.util.Collection;

import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import sv.com.renacempleo.web.controller.BaseController;

@Controller
@RequestMapping("/security")
public class SgdLoginController extends BaseController {
	
	private static final long serialVersionUID = 6238003740955585882L;

	@RequestMapping(value = "login", method = RequestMethod.GET)
	public String login() {
		logger.info("login");
		
		return "login";
	}
	
	@RequestMapping(value = "accessDenied", method = {RequestMethod.GET, RequestMethod.POST})
	public String accessDenied(ModelMap model, HttpServletResponse response) {
		logger.info("accessDenied");
		Collection<GrantedAuthority> authorities = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
		boolean hasUserRol = false;
		for (GrantedAuthority grantedAuthority : authorities) {
			if("ROLE_USUARIO".equalsIgnoreCase(grantedAuthority.getAuthority())){
				hasUserRol = true;
				break;
			}
		}
		return hasUserRol ? "redirect:/home?ssac=1cda525" : "redirect:/security/logout?ssac=afd521";
	}

}
